Malware.AI.4220250440 removal

Malware Removal

Malware.AI.4220250440 is the detection name Malwarebytes assigns to this file; most other engines flag the same sample under generic Visual Basic-packed trojan names (VBKrypt and similar, listed below), and the CAPE sandbox run attributed it to the NetWire remote-access trojan family. While the infection is active you may notice unfamiliar processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4220250440 virus do?

Behaviours reported by the CAPE sandbox analysis of this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the NetWire malware family
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
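Several of the behaviours above (process creation from a suspicious location, the cmd.exe /V argument, CreateRemoteThread injection, injection into a browser, Run-key autorun) leave traces a host sensor records. The following is an added example, not the page's or CAPE's code: it maps those behaviour labels onto Sysmon-style event fields (my own mapping, using the standard Sysmon event IDs 1, 8, 10 and 13) and runs the rules over constructed event records. The image paths, SID and command lines are made up; only the file name Semitert.exe is taken from the Version Info section further down.

```python
"""Host-side rules for the CAPE behaviours listed above, applied to
Sysmon-style events. Added example, not the page's or CAPE's code: the
mapping from behaviour labels to Sysmon fields is my own, and the event
records at the bottom are constructed, not captured from the real sample."""
import re

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                   "\\users\\public\\", "\\programdata\\")
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)
# cmd.exe /V[:ON] turns on delayed variable expansion (!var!), which the
# report flagged as an obfuscation aid.
CMD_V_SWITCH = re.compile(r"\bcmd(\.exe)?\b.*\s/v(:on)?\b", re.I)
# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE: the
# rights a CreateRemoteThread-style injector needs on its target.
INJECT_MASK = 0x0002 | 0x0008 | 0x0020


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(ev):
    """Return the behaviour labels a single Sysmon event satisfies."""
    hits = []
    eid = ev["EventID"]
    if eid == 1:                                  # ProcessCreate
        if any(d in ev["Image"].lower() for d in SUSPICIOUS_DIRS):
            hits.append("process created from suspicious location")
        if CMD_V_SWITCH.search(ev.get("CommandLine", "")):
            hits.append("cmd.exe executed with /V argument")
    elif eid == 8:                                # CreateRemoteThread
        hits.append("CreateRemoteThread into remote process")
        if basename(ev["TargetImage"]) in BROWSERS:
            hits.append("injection into browser process (possible MITB)")
    elif eid == 10:                               # ProcessAccess
        access = int(ev["GrantedAccess"], 16)
        if (access & INJECT_MASK) == INJECT_MASK and \
                basename(ev["SourceImage"]) != basename(ev["TargetImage"]):
            hits.append("handle with thread-create and VM-write rights (inter-process injection)")
    elif eid == 13:                               # RegistryEvent (value set)
        if RUN_KEY.search(ev["TargetObject"]):
            hits.append("autorun persistence via Run key")
    return hits


def triage(events):
    """(event index, acting image, behaviour) for every rule hit."""
    out = []
    for i, ev in enumerate(events):
        actor = ev.get("Image") or ev.get("SourceImage")
        out.extend((i, actor, h) for h in evaluate(ev))
    return out


def score(events):
    """Number of distinct listed behaviours seen; several together are the
    signal, any single one is weak on its own."""
    return len({h for _, _, h in triage(events)})


# Constructed events (paths and SID are made up; "Semitert.exe" is the
# OriginalFilename from the Version Info section of the report).
DROPPER = r"C:\Users\victim\AppData\Local\Temp\Semitert.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER, "CommandLine": DROPPER},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /V:ON /C "set a=c&&set b=alc&&!a!!b!"'},
    {"EventID": 10, "SourceImage": DROPPER, "TargetImage": CHROME,
     "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "SourceImage": DROPPER, "TargetImage": CHROME},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Semitert"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for i, actor, hit in triage(SAMPLE_EVENTS):
        print(f"event {i}: {hit} <- {actor}")
    print("distinct behaviours:", score(SAMPLE_EVENTS))
```

The ProcessAccess rule (event 10) is noisy on its own because backup and security software legitimately open processes with broad rights; it earns its place only when the source image also sits in a user-writable directory or the same process later shows up in an event 8 or a Run-key write, which is why the score counts distinct behaviours rather than raw hits.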

How to identify Malware.AI.4220250440?

File Info:

name: 493244F623223F33D6FE.mlw
path: /opt/CAPEv2/storage/binaries/38a3d4505937e056b6c57833c6402637699f4165380e466aa1003402969b7936
crc32: 24A8EDB8
md5: 493244f623223f33d6fec4fc6c5ca53d
sha1: ead54975db4e8d0c9e929e0f3c5872042ff66731
sha256: 38a3d4505937e056b6c57833c6402637699f4165380e466aa1003402969b7936
sha512: ade62bdfc227430617c536b6eda4289dfb78310e5104e8a1b0b76f25b34d879d6451cca555023cc3aae3bf84d83c4b9321c65355c1f2c91ced554bb940d96fb1
ssdeep: 12288:K8XoDnKgatU/nQgWkQ0h43WquynnNXW7SV8N8D+Y48LxnMazxmqN+Jpn892P2Fc3:K8XoDnKgatU/nQfkQ0h43WquynnNXW7X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165B495A766608019C66770F8A84DF5B43817EF8EE296B525D2E5FC0640E2313BD8FD8D
sha3_384: b36afc3b6f1cadbc508be9c4c8a79af135aaf8a7eeb6562c4b1dd0d18e0e8532ede95049183fc5820a82deb678b648aa
ep_bytes: 6808164000e8f0ffffff000000000000
timestamp: 2013-08-16 05:59:25

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Alexander Roshal
FileDescription: Nonaband szlachta adoscula
LegalCopyright: Borh pallidit monstrat 2008
ProductName: Halobact unfeveri
FileVersion: 5.03.0009
ProductVersion: 5.03.0009
InternalName: Semitert
OriginalFilename: Semitert.exe
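To check whether a file on disk is this sample, compare it against the identifiers above rather than against the file name, which is arbitrary. The script below is an added example, not code from the page's author or from CAPE: the identifier values are copied from the File Info section, while the hashing and the PE-header parsing (COFF timestamp and the 16 bytes at the entry point, which is what the ep_bytes field shows) are my own and use only the Python standard library. The ssdeep and tlsh fields are left out because they need third-party bindings, and the timestamp is assumed to be UTC as CAPE prints it. Because the real binary cannot ship with the page, the script also builds a constructed PE32 skeleton whose timestamp and entry-point bytes equal the report's, so you can see a partial match (header facts agree, hashes differ) as it looks for a repacked variant.

```python
"""Offline check of a file against the identifiers in the File Info section
above. Added example, not code from the page's author or from CAPE: the
identifier values are copied from the report, the hashing and PE parsing
are my own and use only the Python standard library."""
import binascii
import hashlib
import struct
from datetime import datetime, timezone

# Identifiers copied verbatim from the report (ssdeep/tlsh omitted: those
# need third-party bindings). The timestamp is assumed to be UTC.
IOC = {
    "crc32": "24A8EDB8",
    "md5": "493244f623223f33d6fec4fc6c5ca53d",
    "sha1": "ead54975db4e8d0c9e929e0f3c5872042ff66731",
    "sha256": "38a3d4505937e056b6c57833c6402637699f4165380e466aa1003402969b7936",
    "sha3_384": "b36afc3b6f1cadbc508be9c4c8a79af135aaf8a7eeb6562c4b1dd0d18e0e8532ede95049183fc5820a82deb678b648aa",
    "ep_bytes": "6808164000e8f0ffffff000000000000",
    "timestamp": "2013-08-16 05:59:25",
}


def hashes(data: bytes) -> dict:
    """Content hashes in the notation the report uses."""
    return {
        "crc32": f"{binascii.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_facts(data: bytes) -> dict:
    """COFF timestamp and first 16 bytes at the entry point of a PE32 image
    (the report's file type); {} if the data is not such an image."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return {}
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return {}
        coff = e_lfanew + 4
        _, nsections, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:      # PE32 magic only
            return {}
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
        facts = {"timestamp": datetime.fromtimestamp(tds, tz=timezone.utc)
                 .strftime("%Y-%m-%d %H:%M:%S")}
        for i in range(nsections):                                # section table
            vsize, va, rawsize, rawptr = struct.unpack_from(
                "<IIII", data, opt + opt_size + 40 * i + 8)
            if va <= ep_rva < va + max(vsize, rawsize):           # RVA -> file offset
                off = ep_rva - va + rawptr
                facts["ep_bytes"] = data[off:off + 16].hex()
                break
        return facts
    except struct.error:                                          # truncated header
        return {}


def match(data: bytes) -> dict:
    """Per-identifier verdict: True where the file agrees with the report."""
    observed = {**hashes(data), **pe_facts(data)}
    return {k: observed.get(k, "").lower() == v.lower() for k, v in IOC.items()}


# Constructed stand-in (NOT the real sample): a minimal PE32 skeleton with
# one .text section, the report's timestamp and the report's entry bytes.
SAMPLE_TS = 1376632765   # 2013-08-16 05:59:25 UTC


def build_sample_pe() -> bytes:
    ep_rva, raw_off = 0x1000, 0x200
    body = bytes.fromhex(IOC["ep_bytes"]) + b"\xC3"
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, SAMPLE_TS, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x200, 0, 0, ep_rva, ep_rva, 0x2000)
    opt = opt.ljust(224, b"\0")
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), ep_rva, 0x200,
                                        raw_off, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_off, b"\0") + body.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, ok in match(data).items():
        print(f"{k:10s} {'MATCH' if ok else 'differs'}")
```

Run it with a path argument to check a real file; with no argument it checks the constructed skeleton, where only ep_bytes and timestamp match. The entry bytes themselves (push imm32 followed by a short backward call) are the usual Visual Basic 6 entry stub, which fits the VB/VBKrypt names most engines give this file below; a matching stub alone identifies the runtime, not the malware, so treat header facts as supporting evidence and hashes as the actual identifier.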

Malware.AI.4220250440 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.VBKrypt.4!c
Cynet: Malicious (score: 100)
FireEye: Generic.mg.493244f623223f33
ALYac: Trojan.GenericKD.48283493
Cylance: Unsafe
Sangfor: Trojan.Win32.VBKrypt.tzrj
CrowdStrike: win/malicious_confidence_70% (W)
Alibaba: Trojan:Win32/VBKrypt.8597faaa
K7GW: EmailWorm ( 004c16271 )
K7AntiVirus: EmailWorm ( 004c16271 )
Arcabit: Trojan.Generic.D2E0BF65
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/VB.RAH
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Zusy-6842655-0
Kaspersky: Trojan.Win32.VBKrypt.tzrj
BitDefender: Trojan.GenericKD.48283493
NANO-Antivirus: Trojan.Win32.Inject.ecovzz
MicroWorld-eScan: Trojan.GenericKD.48283493
Avast: Win32:Malware-gen
Rising: Trojan.VB!8.B20 (CLOUD)
Ad-Aware: Trojan.GenericKD.48283493
Emsisoft: Trojan.GenericKD.48283493 (B)
DrWeb: Trojan.Inject2.110
Zillya: Trojan.VBKrypt.Win32.244473
TrendMicro: TROJ_GEN.R002C0PB722
McAfee-GW-Edition: BehavesLike.Win32.Emotet.gh
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.VB
Avira: TR/Dropper.VB.Gen
Antiy-AVL: Trojan/Win32.VBKrypt
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: PWS:Win32/Zbot!ml
ViRobot: Trojan.Win32.Z.Vbkrypt.499712.G
ZoneAlarm: Trojan.Win32.VBKrypt.tzrj
GData: Win32.Backdoor.NetWireRC.6TWRCB
McAfee: GenericR-CXW!493244F62322
MAX: malware (ai score=84)
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.4220250440
TrendMicro-HouseCall: TROJ_GEN.R002C0PB722
Tencent: Malware.Win32.Gencirc.11e8a7d7
Yandex: Trojan.GenAsa!K9GDU/lv7tE
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZevbaF.34212.Em0@amPDOVgi
AVG: Win32:Malware-gen
Cybereason: malicious.5db4e8
Panda: Generic Malware
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.4220250440?

Malware.AI.4220250440 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sandbox run showed this sample injecting into a browser process for man-in-the-browser credential theft, treat any passwords typed on the infected machine as exposed and change them from a clean device after the cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.